Merge pull request #37498 from dgoodwin/firewalld-check

Automatic merge from submit-queue (batch tested with PRs 37945, 37498, 37391, 37209, 37169)

Warn if firewalld service is enabled.

Fixes https://github.com/kubernetes/kubeadm/issues/21

Output will be:

```
(root@centos1 ~) $ kubeadm init             
Running pre-flight checks
WARNING: firewalld is active, please ensure ports [6443 9898 10250] are open
```

I went with the port list from @errordeveloper 's ansible playbook here but it's possible there should be others listed.

cmd/kubeadm/app/preflight/checks.go

@@ -82,6 +82,32 @@ func (sc ServiceCheck) Check() (warnings, errors []error) {
 	return warnings, errors
 }
 
+// FirewalldCheck checks if firewalld is enabled or active, and if so outputs a warning.
+type FirewalldCheck struct {
+	ports []int
+}
+
+func (fc FirewalldCheck) Check() (warnings, errors []error) {
+	initSystem, err := initsystem.GetInitSystem()
+	if err != nil {
+		return []error{err}, nil
+	}
+
+	warnings = []error{}
+
+	if !initSystem.ServiceExists("firewalld") {
+		return nil, nil
+	}
+
+	if initSystem.ServiceIsActive("firewalld") {
+		warnings = append(warnings,
+			fmt.Errorf("firewalld is active, please ensure ports %v are open or your cluster may not function correctly",
+				fc.ports))
+	}
+
+	return warnings, errors
+}
+
 // PortOpenCheck ensures the given port is available for use.
 type PortOpenCheck struct {
 	port int
@@ -239,6 +265,7 @@ func RunInitMasterChecks(cfg *kubeadmapi.MasterConfiguration) error {
 		HostnameCheck{},
 		ServiceCheck{Service: "kubelet"},
 		ServiceCheck{Service: "docker"},
+		FirewalldCheck{ports: []int{int(cfg.API.BindPort), int(cfg.Discovery.BindPort), 10250}},
 		PortOpenCheck{port: int(cfg.API.BindPort)},
 		PortOpenCheck{port: 8080},
 		PortOpenCheck{port: int(cfg.Discovery.BindPort)},